Multiple Vendor CDE ToolTalk Database Server Symbolic Link Vulnerability
Solution:

HP has stated that HP-MPE/ix, HP OpenVMS, and HP NonStop Servers are not vulnerable to this issue. HP has also revised an advisory with fix information. Users running HP-UX 10.10 are advised to contact security-alert@hp.com for fix information.

Compaq Computer Corporation
CROSS REFERENCE: SSRT2251
At this time Compaq does have solutions in final testing and will publish HP Tru64 UNIX security bulletin (SSRT2251) with patch information as soon as testing has completed and kits are available from the support ftp web site.

Cray, Inc.
Cray, Inc. does include ToolTalk within the CrayTools product. However, rpc.ttdbserverd is not turned on or used by any Cray provided application. Since a site may have turned this on for their own use, they can always remove the binary /opt/ctl/bin/rpc.ttdbserverd if they are concerned.

IBM Corporation
The CDE desktop product shipped with AIX is vulnerable to both the issues detailed above in the advisory. This affects AIX releases 4.3.3 and 5.1.0. Patches have been made available.

Sun Microsystems, Inc.
The Solaris RPC-based ToolTalk database server, rpc.ttdbserverd, is vulnerable to the two vulnerabilities [VU#975403 VU#299816] described in this advisory in all currently supported versions of Solaris: Solaris 2.5.1, 2.6, 7, 8, and 9. Patches are available for the following releases: 2.6, 7, 8, and 9.

Xi Graphics
Xi Graphics deXtop CDE v2.1 is vulnerable to this attack. An update correcting this issue will be available on our ftp site once this vulnerability has been publicly announced. When announced, the update and accompanying text file will be:
ftp://ftp.xig.com/pub/updates/dextop/2.1/DEX2100.016.tar.gz
ftp://ftp.xig.com/pub/updates/dextop/2.1/DEX2100.016.txt

SGI has released a new advisory. A new patch, 4669, is available for IRIX 6.5.13 to 6.5.17.

Sun has released a revision of their advisory dealing with this issue. Please see the referenced advisory for more information.

Sun Solaris 8
IBM AIX 5.1
Sun Solaris 2.6
Sun Solaris 2.6_x86
Sun Solaris 7.0
Sun Solaris 9
Sun Solaris 7.0_x86
Sun Solaris 8_x86
HP HP-UX 10.10
HP HP-UX 10.20
HP HP-UX 10.24
HP HP-UX 11.0
HP HP-UX 11.11
IBM AIX 4.3.3
SGI IRIX 6.5
SGI IRIX 6.5.1
SGI IRIX 6.5.10
SGI IRIX 6.5.10 m
SGI IRIX 6.5.10 f
SGI IRIX 6.5.11
SGI IRIX 6.5.11 m
SGI IRIX 6.5.11 f
SGI IRIX 6.5.12 f
SGI IRIX 6.5.12 m
SGI IRIX 6.5.12
SGI IRIX 6.5.13 f
SGI IRIX 6.5.13 m
SGI IRIX 6.5.13
SGI IRIX 6.5.14 f
SGI IRIX 6.5.14
SGI IRIX 6.5.14 m
SGI IRIX 6.5.15
SGI IRIX 6.5.15 m
SGI IRIX 6.5.15 f
SGI IRIX 6.5.16 f
SGI IRIX 6.5.16
SGI IRIX 6.5.16 m
SGI IRIX 6.5.17
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.2 m
SGI IRIX 6.5.2 f
SGI IRIX 6.5.2
SGI IRIX 6.5.3 f
SGI IRIX 6.5.3
SGI IRIX 6.5.3 m
SGI IRIX 6.5.4 m
SGI IRIX 6.5.4
SGI IRIX 6.5.4 f
SGI IRIX 6.5.5
SGI IRIX 6.5.5 f
SGI IRIX 6.5.5 m
SGI IRIX 6.5.6
SGI IRIX 6.5.6 m
SGI IRIX 6.5.6 f
SGI IRIX 6.5.7 m
SGI IRIX 6.5.7
SGI IRIX 6.5.7 f
SGI IRIX 6.5.8 m
SGI IRIX 6.5.8
SGI IRIX 6.5.8 f
SGI IRIX 6.5.9 f
SGI IRIX 6.5.9 m
SGI IRIX 6.5.9
Caldera UnixWare 7.1.1
Caldera OpenUnix 8.0